General
-
Target
Urgent Request For Quotation.exe
-
Size
661KB
-
Sample
221205-3c4wwsgc25
-
MD5
652477b1b34d67d811ec3498bd029a8b
-
SHA1
cf6f49e4580367bacdc8b0ad2c7d156456c5ea82
-
SHA256
3276e7ff57ccbea104651066c1d45301d52fbfce23d0d48f5238d82a51abd852
-
SHA512
f1c67ff884ab0a060b3b39a2eacdbdd812359094571f9bb28078d3abc20f603e04b1b8686efeba181f55a15a23a220c67c6adb2ae151e0bb467bef7119c388a3
-
SSDEEP
12288:uPuYd+V6b1momPZefIqohbyyGEKGC5TxK4/1xm7tHyJg38i4ePqLPuYd+V6b:uPuYd+V6bIomxiJoKnzxO7d38ijqLPuI
Static task
static1
Behavioral task
behavioral1
Sample
Urgent Request For Quotation.exe
Resource
win7-20220901-en
Malware Config
Extracted
formbook
snky
AiMFvkl6+A4HEgZ99q5x4naN7lGmvJo=
tvj/KUTKeKgxszIemQ==
DTrTokBrjB5leF4=
tPeTOuIjJPtH
taxtMdIygEdpskxzOQ2ZjoAEeA==
CxLuaKAFRrJyuIqQUPbhZw==
Tn4fapT5kPmk1H0gpXQ=
h5p8hDqGSiRzdSbV
i3lg8tbRNRU6jC9pQSOxzHYZgpbnOKBx
EwbfBo6m+UXU2qaVUPbhZw==
WpeenFSMquJ3xXD1/b43
niV5qTFu3tfmcgrI
fqyyyElbdxWswJ7A
Lh7o92ZOr4ghbwvK
Y2RYMDue4x+KszIemQ==
lN3Y3z5AS85eah1MDvfFQQA=
uq+Oqh8MNRxHOOkqA9lqYEZZhJU=
FEtGDeGnnRoSQEM=
TkMlruotvsmtpFwg6shr03LjwMWGow==
7PGx8hNMep8EMj5Q39dsq16IbbaIrA==
JWBJ1NPwDiQGtx/1/b43
jLyxuI7yXHuMCAAEo4w2
u8emc+77PGLK1m71/b43
x/CcdfoDSCRZnVXDPRSpyXmY8VGmvJo=
KVhmdDtqi+J1szIemQ==
wsdvKMDzVJnqRRgHkQ==
t7qiOXzCVU8uTkrIRfwcGc3MSI4=
KmYObYWgvRG0NUY=
nAjQEiY0lBR3szIemQ==
Rbp9QuwhlL3Y6n0gpXQ=
9i/2sO0wWSEWFN1VSTPOC7s4
D3mUkmojJPtH
9j9GR6fFQB5leF4=
xgbp6k8+ov9wcVRTFshikCZFcA==
aWX+xof8Okn/Uuku87rXRjMObIg=
eoNOhYB9un2qA/7BczPs5Zow
2kojAargCM7IyqgrpHwFKbyNjtQU
y/zzintehOseIvyhZ/kDfx4=
YXZNaeznGso2Kkk=
GQyw87qm1C7hMOLb56xmcRg=
gnhB/W9glMlovyXzX2M=
/gTb6IIzhtlsszIemQ==
2fykfBhO0wIGGB+bIbX48vyNjtQU
fLG3th9M26TDQcwJ3rhAbw==
gYBibCt5+mkhszIemQ==
Mi/qtVF8lR5leF4=
+osZ4s4sfzWTmA==
P1bvKyhWmoIcNgpGUPbhZw==
tMR5NMrQNkZ5ynv1/b43
FEJcaBIWVA0qfh1GUPbhZw==
DT4eVFxUjh5leF4=
Vo6XENrMLrVRVhnMjQXkeQk=
gMjK4FdEoqrdLt+edDrs5Zow
HVTpxnKwL8wkcCtAwHw=
E6AxvSU83Q==
cZo27n9MYTcGQEM=
TI52b9eXk5vmcgrI
ERLi/Ii6F/1Yop3wxqYtazMObIg=
4xO77Ma1ILuS1H0gpXQ=
EuWM4vsLahvPCQb1/b43
EDhHQvo3aRJreGabWzYAeQ==
nNXES0A+b9Kj9ZaBgGw=
ERz8ic0GIJfIxoQ79dShF63fAA3QHcSDFw==
Pm9i8+HMLb1+wn0gpXQ=
lodehewulan.yachts
Targets
-
-
Target
Urgent Request For Quotation.exe
-
Size
661KB
-
MD5
652477b1b34d67d811ec3498bd029a8b
-
SHA1
cf6f49e4580367bacdc8b0ad2c7d156456c5ea82
-
SHA256
3276e7ff57ccbea104651066c1d45301d52fbfce23d0d48f5238d82a51abd852
-
SHA512
f1c67ff884ab0a060b3b39a2eacdbdd812359094571f9bb28078d3abc20f603e04b1b8686efeba181f55a15a23a220c67c6adb2ae151e0bb467bef7119c388a3
-
SSDEEP
12288:uPuYd+V6b1momPZefIqohbyyGEKGC5TxK4/1xm7tHyJg38i4ePqLPuYd+V6b:uPuYd+V6bIomxiJoKnzxO7d38ijqLPuI
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-